General
Target: 501f9a140db000b24c0be1f9854033cb30dc6f90f3f15dacd2888e1d0ebcdf96
Size: 960KB
Sample: 230320-pjadzafe3s
MD5: e6ecd337ea46c5d4f92102fe8ffd66cf
SHA1: d7f2d639286f2fe4c0919f1c311a1e5e467e267d
SHA256: 501f9a140db000b24c0be1f9854033cb30dc6f90f3f15dacd2888e1d0ebcdf96
SHA512: 98e323e9702e6d9cfd9296ca79b944460a7a56e24c711c13a5d97d7afd7d90806cdf6b5681768e49a7291689df53b2b90267da10c482e3ddc86540e824c1f492
SSDEEP: 24576:oywmVdKOY0CS+SD9uEKmNzIg1cyr2M3nI37NYguk9eT:vOAD9uEKmNcEciz3n+RY5
Static task
static1
Malware Config
Extracted: redline
Botnet: gena
C2: 193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline
Botnet: vint
C2: 193.233.20.30:4125
auth_value: fb8811912f8370b3d23bffda092d88d0
Extracted: amadey
Version: 3.68
C2: 62.204.41.87/joomla/index.php
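The extracted configuration gives three network values worth acting on: one RedLine C2 endpoint shared by both builds (they differ only in botnet label and auth_value, which is a per-build token rather than an address, so it is not a network indicator) and one Amadey HTTP C2 identified by address plus path. The Python below is an added example, not part of the sandbox report: it turns the Malware Config fields into indicators and sweeps a handful of constructed proxy/firewall log lines (the space-separated format, the internal 10.0.0.x clients and the 203.0.113.7 decoy address are the example's own). It distinguishes an exact port/path match from an address-only match, since the latter can be shared hosting and deserves a lower-confidence alert.

```python
"""Network indicators from the extracted RedLine/Amadey configuration,
swept against proxy/firewall log lines.

Added example, not part of the sandbox report. The indicator values are
the ones listed under Malware Config; the log lines and their
space-separated format are constructed for this example.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Extracted configuration as reported above (auth_value is a per-build
# token for the RedLine panel, not an address, so it is not used here).
EXTRACTED_CONFIG = [
    {"family": "redline", "botnet": "gena", "c2": "193.233.20.30:4125",
     "auth_value": "93c20961cb6b06b2d5781c212db6201e"},
    {"family": "redline", "botnet": "vint", "c2": "193.233.20.30:4125",
     "auth_value": "fb8811912f8370b3d23bffda092d88d0"},
    {"family": "amadey", "version": "3.68",
     "c2": "62.204.41.87/joomla/index.php"},
]

# Constructed log lines: "timestamp src_ip dst_ip dst_port proto [method path]".
# 203.0.113.7 is a TEST-NET address standing in for ordinary traffic.
SAMPLE_LOG = """
2023-03-20T10:15:01Z 10.0.0.15 193.233.20.30 4125 TCP
2023-03-20T10:15:05Z 10.0.0.15 62.204.41.87 80 HTTP POST /joomla/index.php
2023-03-20T10:15:09Z 10.0.0.22 193.233.20.30 443 TCP
2023-03-20T10:16:00Z 10.0.0.15 203.0.113.7 443 TCP
""".strip().splitlines()


@dataclass(frozen=True)
class NetIndicator:
    family: str
    ip: str
    port: Optional[int]   # None when the config carries no port (HTTP C2 by path)
    path: Optional[str]   # URL path for HTTP C2, None for raw TCP C2


def parse_c2(family: str, c2: str) -> NetIndicator:
    """Parse 'ip:port' (RedLine style) or 'ip/path' (Amadey style)."""
    m = re.fullmatch(r"([0-9.]+)(?::(\d+))?(/\S*)?", c2)
    if not m:
        raise ValueError(f"unrecognised C2 format: {c2!r}")
    ip, port, path = m.groups()
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return NetIndicator(family, ip, int(port) if port else None, path)


def indicators_from_config(config) -> List[NetIndicator]:
    """Deduplicate: both RedLine builds share one C2, so they yield one indicator."""
    return list(dict.fromkeys(parse_c2(e["family"], e["c2"]) for e in config))


def parse_log_line(line: str):
    parts = line.split()
    if len(parts) < 5:
        return None
    rec = {"ts": parts[0], "src": parts[1], "dst": parts[2],
           "dport": int(parts[3]), "proto": parts[4], "path": None}
    if len(parts) >= 7:
        rec["method"], rec["path"] = parts[5], parts[6]
    return rec


def match_indicator(rec, ind: NetIndicator) -> Optional[str]:
    """'c2' for an exact match, 'ip-only' if just the address matches.

    An address-only hit may be shared hosting or another service on the
    same box, so it is reported separately from an exact port/path match."""
    if rec["dst"] != ind.ip:
        return None
    port_ok = ind.port is None or rec["dport"] == ind.port
    path_ok = ind.path is None or rec["path"] == ind.path
    return "c2" if (port_ok and path_ok) else "ip-only"


def scan(lines, indicators) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, source, family, verdict) for every matching line."""
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        for ind in indicators:
            verdict = match_indicator(rec, ind)
            if verdict:
                hits.append((rec["ts"], rec["src"], ind.family, verdict))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, indicators_from_config(EXTRACTED_CONFIG)):
        print(*hit)
```

Running it against the constructed lines flags the RedLine connection on 4125 and the Amadey POST to /joomla/index.php as exact C2 matches, and the connection to 193.233.20.30:443 as address-only.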
Targets
Target: 501f9a140db000b24c0be1f9854033cb30dc6f90f3f15dacd2888e1d0ebcdf96 (960KB; the same file described under General, with the hashes listed there)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. Its extracted configuration is listed under Malware Config, alongside an Amadey 3.68 loader configuration carried by the same sample.
Signatures matched for this sample:
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
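Two of the behaviours above, the Run key added for persistence and the enumeration of Uninstall key entries, are the ones most worth turning into host-side detections. The Python below is an added example, not the sandbox's own logic and not this sample's real telemetry: it runs over constructed JSON-lines events in a simplified shape modelled on Sysmon Event ID 13 (RegistryEvent: value set) and Windows Security Event ID 4663 (object access); the field names, process paths, SIDs and subkey names are the example's own. One caveat a practitioner will want: Sysmon records registry creates, deletes and value sets, not reads, so the read-side enumeration of Uninstall entries cannot come from Sysmon and is taken here from 4663 events, which only exist if an audit SACL is set on the key (EDR telemetry is the usual alternative).

```python
"""Host-side detection for two behaviours in the report: a Run key being
added for persistence, and enumeration of Uninstall key entries.

Added example, not from the sandbox report. The events are constructed
JSON-lines in a simplified shape modelled on Sysmon Event ID 13
(RegistryEvent: value set) and Windows Security Event ID 4663 (object
access); field names and values are the example's own, not this
sample's telemetry. Sysmon does not log registry reads, so the
enumeration rule relies on 4663, which needs an audit SACL on the key.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Locations a freshly dropped binary is commonly started from; a Run value
# pointing here is scored higher (example heuristic, tune to the estate).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed events, one JSON object per line.
SAMPLE_EVENTS = r"""
{"EventID": 13, "UtcTime": "2023-03-20T10:15:01", "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe", "TargetObject": "HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc", "Details": "C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe"}
{"EventID": 13, "UtcTime": "2023-03-20T10:15:01", "Image": "C:\\Program Files\\Vendor\\setup.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorAgent", "Details": "C:\\Program Files\\Vendor\\agent.exe"}
{"EventID": 13, "UtcTime": "2023-03-20T10:15:01", "Image": "C:\\Program Files\\Vendor\\setup.exe", "TargetObject": "HKLM\\SOFTWARE\\Vendor\\Settings\\Flag", "Details": "DWORD (0x00000001)"}
{"EventID": 4663, "UtcTime": "2023-03-20T10:15:02", "ProcessName": "C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{App1}"}
{"EventID": 4663, "UtcTime": "2023-03-20T10:15:02", "ProcessName": "C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{App2}"}
{"EventID": 4663, "UtcTime": "2023-03-20T10:15:03", "ProcessName": "C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{App3}"}
{"EventID": 4663, "UtcTime": "2023-03-20T10:15:03", "ProcessName": "C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{App4}"}
{"EventID": 4663, "UtcTime": "2023-03-20T10:15:04", "ProcessName": "C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{App5}"}
{"EventID": 4663, "UtcTime": "2023-03-20T10:15:04", "ProcessName": "C:\\Users\\victim\\AppData\\Local\\Temp\\svc.exe", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{App6}"}
{"EventID": 4663, "UtcTime": "2023-03-20T10:30:00", "ProcessName": "C:\\Windows\\explorer.exe", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{App1}"}
{"EventID": 4663, "UtcTime": "2023-03-20T10:30:01", "ProcessName": "C:\\Windows\\explorer.exe", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{App2}"}
"""


def parse_events(raw_lines):
    """Parse JSON-lines; malformed lines are skipped so one bad record
    does not stop the sweep."""
    events = []
    for line in raw_lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def detect_run_key(events):
    """Sysmon 13: a value written under a Run/RunOnce key. 'Details' holds
    the value data, i.e. the command the shell will launch at logon."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
            continue
        cmd = ev.get("Details", "")
        severity = "high" if any(d in cmd.lower() for d in SUSPICIOUS_DIRS) else "medium"
        findings.append({"rule": "run_key_persistence", "severity": severity,
                         "image": ev.get("Image"), "value": ev["TargetObject"],
                         "command": cmd})
    return findings


def detect_uninstall_enum(events, threshold=5, window=timedelta(seconds=10)):
    """Security 4663: one process touching >= threshold distinct Uninstall
    subkeys inside a short window. Legitimate software reads these keys
    too, so a single access is noise; the burst is the signal."""
    accesses = defaultdict(list)
    for ev in events:
        if ev.get("EventID") != 4663 or not UNINSTALL_KEY_RE.search(ev.get("ObjectName", "")):
            continue
        accesses[ev.get("ProcessName")].append(
            (datetime.fromisoformat(ev["UtcTime"]), ev["ObjectName"]))
    findings = []
    for proc, items in accesses.items():
        items.sort()
        for start in range(len(items)):
            t0 = items[start][0]
            keys = {k for t, k in items[start:] if t - t0 <= window}
            if len(keys) >= threshold:
                findings.append({"rule": "uninstall_key_enumeration", "process": proc,
                                 "distinct_subkeys": len(keys), "first_seen": t0.isoformat()})
                break  # one finding per process is enough
    return findings


def run_detections(raw_text):
    events = parse_events(raw_text.splitlines())
    return {"run_key": detect_run_key(events),
            "uninstall_enumeration": detect_uninstall_enum(events)}


if __name__ == "__main__":
    print(json.dumps(run_detections(SAMPLE_EVENTS), indent=2))
```

On the constructed events the Run key written by the binary in the user's Temp directory scores high, the vendor installer's Run value scores medium (still worth a look, but a common pattern), and only the Temp-resident process trips the enumeration rule; explorer.exe reading two subkeys does not.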